Merge pull request #211 from WillAbides/commandcontext

Cosmin Cojocar · web-flow · commit 5ba647528ade · 2018-07-26T16:48:42.000+02:00
Make G204 look for CommandContext calls
diff --git a/rules/subproc.go b/rules/subproc.go
@@ -58,6 +58,7 @@ func (r *subprocess) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
 func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 	rule := &subprocess{gosec.MetaData{ID: id}, gosec.NewCallList()}
 	rule.Add("os/exec", "Command")
+	rule.Add("os/exec", "CommandContext")
 	rule.Add("syscall", "Exec")
 	return rule, []ast.Node{(*ast.CallExpr)(nil)}
 }
diff --git a/testutils/source.go b/testutils/source.go
@@ -408,6 +408,19 @@ func main() {
   	log.Printf("Command finished with error: %v", err)
 }`, 1}, {`
 package main
+import (
+	"log"
+	"os/exec"
+	"context"
+)
+func main() {
+	err := exec.CommandContext(context.Background(), "sleep", "5").Run()
+ 	if err != nil {
+		log.Fatal(err)
+	}
+  	log.Printf("Command finished with error: %v", err)
+}`, 1}, {`
+package main
 import (
 	"log"
 	"os"

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,7 @@ func (r subprocess) Match(n ast.Node, c gosec.Context) (*gosec.Issue, error) {`
`58`	`58`	`func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {`
`59`	`59`	`rule := &subprocess{gosec.MetaData{ID: id}, gosec.NewCallList()}`
`60`	`60`	`rule.Add("os/exec", "Command")`
	`61`	`+ rule.Add("os/exec", "CommandContext")`
`61`	`62`	`rule.Add("syscall", "Exec")`
`62`	`63`	`return rule, []ast.Node{(*ast.CallExpr)(nil)}`
`63`	`64`	`}`